In this video I will be sharing with you what is Amazon GuardDuty, and walk through the process of EC2 threat detection from alarm triggered, security analysis, all the way to identifying the attacker, and remediate the risks.
So for this particular scenario, was it a specific IAM User affected or just an IAM role? In this scenario, would the role have to replaced or that specific IAM user's credentials replaced? Thanks!
This is a nice overview of the UI, and of the shape of a typical attack, but I'd like to have seen an attack that wasn't so simple for the system to detect. Alerting on a request from an IP that you already knew was suspicious is not exactly magic.